Re: [gnso-thickwhoispdp-wg] Feedback concerning legal review

[Don Blumenthal <dblumenthal@xxxxxxx>]

Marika,

Thanks very much. I really appreciate your follow up.

I'm concerned that the GC's office misunderstands what the WG is considering, 
or at least what I think is on the table. What's needed is a systematic 
analysis of how data protection legal regimes might affect transition 
decisions, not detailed legal analyses of laws as they apply to individual 
parties.  For example, are there are aren't there enough potential roadblocks 
to transition to affect any decisions? Will so many parties use the ICANN 
procedures that transition becomes pointless (that assumes that the processes 
listed are relevant to our issues at all. I'm not sure that they are but need 
more time to ponder).

It has been clear that privacy has been a big part of the EWG's focus, and 
having the memo is very useful. It generally is the type of document that I see 
coming out of the legal review that we have discussed. I would focus the issues 
more on WG matters, obviously. More importantly in a way, I expect a product 
that takes advantage of data protection law expertise outside GC and that also 
does a much more thorough cataloguing of different national and international 
approaches. It does the usual pass through the US, EU, and Canada. How about 
APEC (Asia Pacific Economic Cooperation), Brazil, India, the Philippines, 
China, and many more DP regimes that I could mention? In fairness, the memo 
mentions "Asia" briefly but gives no details on the reference.

Don

From: Marika Konings <marika.konings@xxxxxxxxx<mailto:marika.konings@xxxxxxxxx>>
Date: Wednesday, October 9, 2013 4:38 PM
To: Thick Thin PDP 
<gnso-thickwhoispdp-wg@xxxxxxxxx<mailto:gnso-thickwhoispdp-wg@xxxxxxxxx>>
Subject: [gnso-thickwhoispdp-wg] Feedback concerning legal review

Dear All,

Following our meeting yesterday, I spoke to my colleagues in the legal team and 
wanted to clarify some things in relation to the possible 'legal review'. As 
I've mentioned before, they are kept in the loop throughout the working group 
discussions which already allows them to raise any potential red flags during 
that part of the process as well as during the implementation process. However, 
their main focus is on assuring that any policy recommendations do not conflict 
or contradict any existing ICANN policies or legal requirements applicable to 
ICANN. They are not in a position to provide advice to individual parties in 
different jurisdictions on whether or not the proposed policy recommendations 
are in potential violation of local laws. This is the responsibility of the 
party affected and as most of you know there are several mechanisms in place by 
which the affected party can work with ICANN to request an exemption (see for 
example 
http://www.icann.org/en/resources/registrars/whois-policies-provisions#2 and 
http://www.icann.org/en/resources/registrars/updates/retention/waiver-request-process).

Separately, I wanted to share with you the attached memo that has been prepared 
for the EWG concerning data protection considerations applicable for the 
collection of gTLD registration data in the Proposed Centralized and Federated 
Database Systems. Although this is not specific to our discussion on thick vs. 
thin, it does hopefully show that data protection and privacy considerations 
are seriously considered in other efforts that are dealing with Whois. Also, 
there is a specific section on restrictions on personal data transfer which may 
help inform the development of the implementation plan and any potential 
safeguards that may need to be considered.

Best regards,

Marika